- Launch Guide
- Quick Start Guide
- Backup Guide
- Restore and Upgrade Guide
- TLS Certificate Generation Guide
- Cluster Configuration Guide
Peering to EJBCA Cloud Configuration Guide
- AWS Operating Environment
- EJBCA/SignServer Peering Security Groups
- Generate TLS Certificates for SignServer
- Allow Peer Connections in SignServer
- Peer Connection Configuration
- Creating the Peer Connection
- Allow Peer Connection in SignServer
- Configuring Automatic Generation and Key Renewal over Peers
- Automatically Renewing the Key Binding Key
SignServer CloudHSM Integration Guide
- Multiple Crypto Tokens with AWS CloudHSM
- Create a CloudHSM Cluster
- Use OpenSSL to Validate the HSM
- Initialize the CloudHSM
- Assigning Security Group
- Configure the cloudhsm-client
- PKCS11 PIN
- Activate Cluster
- Create a CloudHSM Crypto User
- Create Keystore in HSM with ClientToolBox
- Test with EJBCA ClientToolBox
- Create CryptoToken in SignServer
- Restoring HSM Backup to New Instance
Restarting and Verifying Cluster
Restarting the Cluster
If Galera is already configured, a bootstrap of the cluster is needed which will cause a brief outage. This is best done on a new cluster. It is not possible to run some nodes with SSL and not others.
You will need to bootstrap the cluster by starting the first node differently from the rest.
--wsrep-new-cluster to do that in the following order:
[root@node3 mysql]# service mysql stop [root@node2 mysql]# service mysql stop [root@node1 mysql]# service mysql stop [root@node1 mysql]# service mysql start --wsrep-new-cluster [root@node2 mysql]# service mysql start [root@node3 mysql]# service mysql start
Once the bootstrapping is done, restart Node 1 with a standard service start as done on the other nodes.
Verifying Cluster Connectivity
Run the following command to ensure that the cluster has all three nodes connected. This command can be run on any node.
Make sure to change <PASSWORD> to the database cluster password:
# mysql -u root --password=<PASSWORD> -e "show status like 'wsrep_cluster_size';"
This should return a value of 3:
To see the full wsrep status use the following command:
# mysql -u root --password=<PASSWORD> -e "show global status like 'wsrep%';"